Cisco Notification Alert -3850 Series Switch-01-Jul-2015 16:48 GMT

Feedback Sign Up Unsubscribe         Known Bugs - Catalyst 3850 Series Switches Bug Id: CSCui59593 Title: PBR: policy route map not working | WS-C3850-24T - 03.02.01.SE Description: Symptom: PBR functionality does NOT seem to work the way it should in certain conditions as mentioned below, routing does NOT happen the way PBR is configured. Conditions: Policy based routing configured on 3850 switch with permit and deny statements in the route-map or in the access-list tied with route-map. For eg: If your route-maps for PBR are applied in this way: route-map VLAN2 deny 45 ------<<<< deny match ip address 1 route-map VLAN2 permit 50 ------<<<< permit match ip address 2 set ip next-hop 1.o.0.1 or ACL for PBR: access-list 113 deny ip 1.1.e.0 0.0.0.255 1.2.e.0 0.0.0.255 ------<<<< deny access-list 113 permit ip 1.1.e.0 0.0.0.255 any ------<<<< permit Workaround: Workaround: Work this problem around by configuring route-map/acl with below technique: the access-lists 3 permits the subnets that you want to DBR (destination based routing with normal IP routing) as there is no set clause. The access-list 4 should PBR the rest of the traffic to defined next-hop. route-map VLAN3, permit, sequence 45 Match clauses: ip address (access-lists): 3 -------<<<< normal routing table Set clauses: Policy routing matches: 0 packets, 0 bytes route-map VLAN3, permit, sequence 50 Match clauses: ip address (access-lists): 4 -------<<<< PBR Set clauses: ip next-hop 1.o.0.1 this problem is fixed in: IOS-XE: 3.3.0SE and later Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 03-JUN-2015 Known Affected Releases: 15.0(1)EX, 15.0(1)EY Known Fixed Releases: 15.0(1)EZ, 15.0(12.3)EMW, 3.3(0)SE Bug Id: CSCus93034 Title: 5760 segmentation fault(11) on Auth-proxy HTTP daemon Description: Symptom: IOS Thread backtrace: IOSD-EXT-SIGNAL: Segmentation fault(11), Process = Auth-proxy HTTP daemon 0 5760 crashes Conditions: Usage of web authentication Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 03-JUN-2015 Known Affected Releases: 10.2(100.0) Known Fixed Releases: Bug Id: CSCur16497 Title: Egress WCCP does not work when configured with Egress SPAN Description: Symptom: On a stack of 3850 switches (WS-C3850-48T-E) running 3.3.4SE, when wccp redirect out is configured on the vlan interface the traffic is not getting redirected Conditions: "ip wccp 61 redirect out" or "ip wccp 62 redirect out" configured on the WAN side along with egress wccp span. Workaround: remove egress span from the same interface as egress wccp. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 05-JUN-2015 Known Affected Releases: 15.0(1)EZ4 Known Fixed Releases: 15.2(3)E1, 3.7(1)E Bug Id: CSCut05943 Title: 3850 incorrect vlan tag once using private vlans Description: Symptom: SW1 Gi1/0/1----TRUNK----Gi1/0/1 SW2 Gi1/0/2----TRUNK----Gi1/0/1 SW3 Gi1/0/48 | | Host (ISOLATED VLAN Y) Each switch has SVI X (PRIMARY vlan). ISOLATED VLAN Y is mapped to PRIMARY VLAN X. We can ping from Host to SVI X of SW1 and SW2 but not SW3. Conditions: - 3850/3650 switches running cat3k_caa-universalk9ldpe.SPA.03.07.00.E.152-3.E.bin - all switches configured with private vlans - host configured in ISOLATED vlan and trying to communicate with host in PRIMARY vlan, while traffic has to pass between trunks on a device in the middle Workaround: - no workaround to have the setup working as expected and not loosing functionality - we can use COMMUNITY instead of ISOLATED, however then we do not achieve the goal of having isolated hosts - we can change interfaces from TRUNKs to PRIVATE-VLAN PROMISCOUS but then we can have only one PRIMARY vlan - we can remove private vlan configuration from SW2, but then we are not able to use private vlan feature on SW2... Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 06-JUN-2015 Known Affected Releases: 3.7(0)E Known Fixed Releases: 15.2(3)E1, 3.7(1)E Bug Id: CSCuq31741 Title: WS-C3850-48P/3.6.0E:sh sys sysmgr ser UUID nnn policies cause crash Description: Symptom: When we run following CLI commands, the system_mgr_cli coredumps: show system sysmgr service uuid 505 policies show system sysmgr service pid 505 policies Conditions: When we run following CLI commands, the system_mgr_cli coredumps: show system sysmgr service uuid 505 policies show system sysmgr service pid 505 policies Workaround: The workaround is to use retrieve data using service name as shown below. show system sysmgr service name ha_mgr policies Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 07-JUN-2015 Known Affected Releases: 15.0SID Known Fixed Releases: 15.2(2)E2, 15.2(3)E, 3.6(2)E, 3.7(0)E Bug Id: CSCuq73836 Title: C3850 sends unexpected GARP Description: Symptom:C3850 will sent a GARP which it should not Conditions:a tester is sending a arp with C3850's ip address and its own MAC address Workaround:Disable IPDT on uplinks towards C3850 using "nmsp attachment suppress" command. More Info:the issue is not seen when C3750X is used Status: Fixed Severity: 2 Severe Last Modified: 08-JUN-2015 Known Affected Releases: 15.0(1)EZ4 Known Fixed Releases: 15.2(2)E1, 15.2(3)E, 3.6(1)E, 3.7(0)E Bug Id: CSCuu47140 Title: MAC learning not taking place on one ASIC of a 3850 switch Description: Symptom: In some rare circumstances, it has been seen Mac Learning is not occurring for either ports 1-24 or ports 25-48 on one member switch of a stacked 3850. Traffic will flow through the ports. L2 traffic flooding will work. Conditions: Issue is seen with IOS-XE 3.2.2, 3.2.3 and 3.3.0 shut/no shut of the affected ports will not enable learning. Workaround: Reload the affected switch. Further Problem Description: Status: Terminated Severity: 2 Severe Last Modified: 08-JUN-2015 Known Affected Releases: n/a Known Fixed Releases: Bug Id: CSCuu36538 Title: Port of CSCuq73836 to polaris dev - C3850 sends unexpected GARP Description: Symptom: refer CSCuq73836 Conditions: Workaround: Further Problem Description: Status: Other Severity: 2 Severe Last Modified: 10-JUN-2015 Known Affected Releases: 15.0(1)EZ4 Known Fixed Releases: Bug Id: CSCur76872 Title: Stack manager goes down when the system runs out of SDP buffer. Description: Symptom: The SDP (stack discovery protocol) buffer pool gets filled completely and hence the stack manager process goes down. This may manifest itself as any of a number of symptoms, many of which would appear at first glance to be due to stack cable instability (e.g. switches dropping from the stack and rejoining, stack merges, keepalive timeouts, etc). The fingerprint of this issue is one of more sets of messages similar to the following in the "Trace buffer: stack-mgr-events" in any system-report or switch-report files which are generated during an event: [01/26/15 23:50:49.498 UTC 283424 5943] No buffers available in chunk ssm 0x55c40ae0, buf (nil)Try increasing the chunk size [01/26/15 23:50:49.498 UTC 283425 5943] smn-error: ran out of buffers Conditions: The issue is seen after SSO In mixed stack and the issue also gets triggered randomly whenever there is a PDS buffer overflow (a high rate of L2 & L3 protocol packets) in any stack. Issue has been seen: - After an SSO in a mixed stack - When any SDP buffer overflow occurs in any stack, which can be triggered by a high rate of L2 / L3 protocol packets. Workaround: There is currently no workaround available for this issue. Further Problem Description: This defect is fixed in the 3.6.2a.E and 3.7.1.E releases. Status: Fixed Severity: 2 Severe Last Modified: 11-JUN-2015 Known Affected Releases: 15.2(3.0.81)E1 Known Fixed Releases: 15.2(2)E2, 15.2(3)E1, 3.6(2)E, 3.7(1)E Bug Id: CSCut06539 Title: Standby switch in 3850 stack crashes in .1x code Description: Symptom: A 3650 or 3850 switch running 3.6.1E or 3.7.0E and using dot1x authentication could experience a crash during new client registration. Conditions: Exact conditions not yet known Workaround: No known workaround. Further Problem Description: Status: Open Severity: 1 Catastrophic Last Modified: 11-JUN-2015 Known Affected Releases: 15.2(2.0.0) Known Fixed Releases: Bug Id: CSCuc91458 Title: PoE ports drop on 3850 after a single stack port is disabled Description: Symptom: Some of the PoE devices connected to the WS-C3850-48P or WS-C3850-24P switches will be powered down temporarily Conditions: This happens when the stack power port is enabled or disabled using, Switch(config)#stack-power switch command Workaround: Workaround is not required. All PoE devices will get powered on automatically after about 1 to 2 minutes without any manual intervention. Status: Terminated Severity: 2 Severe Last Modified: 12-JUN-2015 Known Affected Releases: 15.0(8.95)EMP1 Known Fixed Releases: Bug Id: CSCut44425 Title: SFP remove and crash when "show platform port-asic 0 read counters" Description: Symptom: SFP remove and crash occur when run "show platform port-asic 0 read counters" command Conditions: when "show platform port-asic 0 read counters" command is run Workaround: We can use the following command as workaround now. Switch#show platform fwd-asic counters tla ? AQM Active Queue Management ASE Acl Search Engine EGR Egress Global Resolution EPF Egress Scheduler Module EQC Egress Scheduler Module ESM Egress Queue Controller FPE Flexible Parser FPS Flexible Pipe Stage FSE Fib Search Engine IGR Ingress Global Resolution IPF Ingress Port FIFO IQS Ingress Queues and Scheduler NFL Netflow NIF Network Interface PBC Packet Buffer Complex PIM Protocol Independent Multicast PLC Policer RMU Recirculation Multiplexer Unit RRE Reassembly Engine RWE Rewrite Engine SEC Security Engine SIF Stack Interface SQS Stack Queues And Scheduler SUP Supervisor Interface Switch#show platform fwd-asic counters tla NIF detail asic 0 sw 4 Starting with asic 0 NifRxByteDestinationGroupStats on Asic 0 [0] rxUnicastBytes1 0x00000000 rxUnicastBytes0 0x00000184 rxMulticastBytes1 0x00000000 rxMulticastBytes0 0x00000000 rxBroadcastBytes1 0x00000000 rxBroadcastBytes0 0x00000000 Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 15-JUN-2015 Known Affected Releases: 15.5(2)T Known Fixed Releases: Bug Id: CSCus13484 Title: Clients stuck in IDLE Description: Symptom: Clients stuck in IDLE state Conditions: Open WLAN, 5760 running 03.06.00SE Workaround: Force deauthenticate clients: wireless client mac-address H.H.H deauthenticate forced Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 17-JUN-2015 Known Affected Releases: 10.2(102.0) Known Fixed Releases: Bug Id: CSCun78227 Title: Incorrect temperature thresholds reported via SNMP Description: Symptom: entSensorThresholdValue reports impossible temperature thresholds on 3850 Conditions: This is known to affect 3850 running 3.2.3SE and 3.3.2SE code, but may affect other versions Workaround: Use CLI to check temperature thresholds i.e. show environment temperature status OR, use ciscoEnvMonTemperatureStatusDescr This will state the temperature threshold in terms of GREEN, YELLOW or RED Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 18-JUN-2015 Known Affected Releases: 15.0(1)EZ2 Known Fixed Releases: 15.0(1)EZ4, 15.0(1.6)TTT, 15.0(13.80)EZD, 15.0(14.57)EZD, 15.2(2)E, 3.3(4)SE, 3.6(0)E Bug Id: CSCui36435 Title: 3850 switch crashes when FNF is removed from interface Description: Symptom: 3850 switch crashes when configured for Flexible Netflow. Conditions: Crash has been seen when FNF is removed from the interface. Workaround: Shutdown the interface first before unconfiguring FNF. More Info: Status: Terminated Severity: 2 Severe Last Modified: 18-JUN-2015 Known Affected Releases: 15.0(1.1)EX Known Fixed Releases: Bug Id: CSCur25796 Title: Phones on protected switch ports unable to communicate with each other. Description: Symptom: Phones on protected switch ports cannot communicate with each other. Conditions: With the 'switchport protected' privileged EXEC command, the EAP times out, authentication fails, and 802.1x authentication is stopped. Workaround: There is no workaround. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 18-JUN-2015 Known Affected Releases: 15.0(1)EZ4, 15.2(2)IE101.140 Known Fixed Releases: 15.2(2)E2, 15.2(3)E1, 3.6(2)E, 3.7(1)E Bug Id: CSCuj10443 Title: Standby sw crash@crypto_engine/sw/src/keylib/lib_key_storage.c:646 Description: Symptom: Switch crashes when being added to stack after switchoer Conditions: This occurs in switchover scenarios Workaround: Reload the complete stack and boot again. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 19-JUN-2015 Known Affected Releases: 15.0(11.98)EMP, 15.0(12.3)EMP, 15.2(2.2.94)E Known Fixed Releases: 12.2(60)EZ2, 12.2(60)EZ3, 15.0(1)EZ, 15.0(1)EZ1, 15.0(12.14)EZD, 15.0(14.1)TSR, 15.0(14.49)EZD, 15.0(2)EX5, 15.0(2)EX7, 15.0(2)SE7 Bug Id: CSCuu88630 Title: 3850 Stack Running Out of SDP Buffers w/ "smn-error: ran out of buffers" Description: Symptom: A 3850 stack may see several switches leave the stack unexpected. Eg: %STACKMGR-6-SWITCH_REMOVED: 1 stack-mgr: Switch X has been removed from the stack. In addition, "Switch Report" files are being generated for each switch reload event: STACK#dir crashinfo:/ 1 -rw- 896500 Jan 1 2015 00:00:00 -00:00 switch_report_1_20150101-000000.gz Upon examining the Switch Report file's contents, the following buffer allocation errors are seen: ===================== Trace Buffer: stack-mgr-events ===================== [01/01/15 00:02:01.679 EST xxxxxx XXXX] smn_sdp_neighbor_tx:stack_port SMN_STACK_PORT_BOTH XXXXXX [01/01/15 00:02:01.679 EST xxxxxx XXXX] smn_sdp_neighbor_tx: trying neighbor tx SMN_STACK_PORT_BOTH XXXXXX [01/01/15 00:02:02.943 EST xxxxxx XXXX] No buffers available in chunk ssm 0xXXXXXXXX, buf (nil)Try increasing the chunk size [01/01/15 00:02:02.943 EST xxxxxx XXXX] smn-error: ran out of buffers [01/01/15 00:02:03.039 EST xxxxxx XXXX] Peer X not responding, removing it [01/01/15 00:02:03.039 EST xxxxxx XXXX] queue SMN_SW_REMOVAL_EVENT for X [01/01/15 00:02:03.039 EST xxxxxx XXXX] removal of switch X, xx:xx:xx:xx:xx:xx Conditions: Running an IOS-XE release where bug CSCur76872 was already fixed. Issue may be caused by a high rate of hardware interrupt messages being sent across the stack due to hardware failure of a stack member. In the logs, excessive A6 interrupts may be seen: STACK#show mgmt-infra trace messages stack-mgr-events switch X | inc A6\ interrupt\ event [01/01/15 00:07:34.704 UTC xxxxx XXXX] A6 interrupt event [01/01/15 00:07:35.897 UTC xxxxx XXXX] A6 interrupt event [01/01/15 00:07:37.729 UTC xxxxx XXXX] A6 interrupt event [01/01/15 00:07:39.619 UTC xxxxx XXXX] A6 interrupt event [01/01/15 00:07:41.364 UTC xxxxx XXXX] A6 interrupt event Workaround: None known, potential hardware failure. Further Problem Description: Status: Terminated Severity: 2 Severe Last Modified: 19-JUN-2015 Known Affected Releases: 15.2(3)E Known Fixed Releases: Bug Id: CSCue60618 Title: Katana: ability to shut NMSP (default) service on TCP port 16113 Description: Symptom: Katana: ability to shut NMSP (default) service on TCP port 16113. Conditions: This symptom is observed in the default configuration. Workaround: There is no workaround. More Info: After this fix, the NMSP feature needs to be explicitly enabled using CLI nmsp enable. This change satisfies the security baseline requirement that no TCP ports should be open as a default option. The NMSP port 16113 can now be disabled with CLI no nmsp enable which was not an option before this fix. Status: Fixed Severity: 2 Severe Last Modified: 20-JUN-2015 Known Affected Releases: n/a Known Fixed Releases: 10.1(0.22), 10.1(100.0), 10.2(1.1), 10.2(1.25), 15.0(1)EZ, 15.0(10.1)PKD, 15.0(11.11)EMW, 3.3(0)SE Bug Id: CSCuu71450 Title: Beni-E2:Client traffic fails after MA to MC roaming Description: Symptom: Beni-E2:Client traffic fails after MA to MC roaming Conditions: Workaround: None Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 20-JUN-2015 Known Affected Releases: 40.1(100)DSP Known Fixed Releases: Bug Id: CSCuh59075 Title: member switch crashed with tracebacks due to MEMBLK CORRUPTION Description: Crash on the system after netflow configuration and unconfiguration. Symptom: Crash with MEMBLK corruption is observed. Conditions: When "collect interface input" and "collect interface output" fields are configured in a flow record, followed by attaching to flow monitor to interface and then un-configuring these fields and reattaching the same flow monitor to and interface. Crash is observed on execution of "show flow mon cache" Workaround: 1) Reload the system. 2) Configure flow monitor with correct fields to avoid un-configuration. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 22-JUN-2015 Known Affected Releases: 15.0(1)EZ Known Fixed Releases: 15.0(1)EZ3, 15.0(13.21)EZD, 15.0(14.49)EZD, 15.2(2)E, 3.3(3)SE, 3.6(0)E Bug Id: CSCue76684 Title: 3850 switch or 5760 controller fails boot after configuration is saved Description: Symptom: In certain boot sequences, the BOOT variable will be removed from the switch which will cause the next switch reboot to fail and switch will remain in bootloader prompt. Conditions: This problem will be observed in following scenarios: 1. Switch is not configured with a boot variable using "boot system switch all flash:packages.conf" and the running configuration of the system is saved using "copy running-cfg startup-cfg" or "write memory". This will cause the current boot variable to be removed from boot loader. Hence, after the switch is reloaded it will not be able to automatically boot. 2. Switch is not configured with a boot variable using "boot system switch all flash:packages.conf" and the slave switches in the stack are reloaded. Since the boot variable is not configured, the member switches will be synced with a null boot variable. This will prevent the booting of the member switch after the reload and the switch will remain at the switch: (bootloader) prompt. Workaround: Configure the desired boot variable using the "boot system switch all flash:packages.conf" command in configuration mode, then save the configuration (write memory) to update the boot variables of the switches in the stack. Further Problem Description: If the switch is in bootloader mode because there are no BOOT variables set in the bootloader. In order to boot the switch user can do one of the following. 1. At the switch: prompt, type in: boot flash:packages.conf 2. Set the BOOT variable explicitly in the bootloader at the switch: promp, type BOOT=flash:packages.conf and then boot the switch using the boot command. External Field Notice (FN #63641) has been published for this issue - http://www.cisco.com/en/US/ts/fn/636/fn63641.html Status: Fixed Severity: 2 Severe Last Modified: 22-JUN-2015 Known Affected Releases: 15.0(1.1)EX, 15.0(6.91)EMW Known Fixed Releases: 15.0(1)EX1, 15.0(1)EX2, 15.0(1)EZ, 15.0(1.1)XSR, 15.0(1.44)XSR, 15.0(1.50)XRD, 15.0(1.54)XSR, 15.0(1.66)XSP, 15.0(9.0)PKD, 15.2(2)E Bug Id: CSCus99367 Title: 3850 re-writes mobility capwap data packets with TTL 9 Description: Symptom: 3850 re-writes mobility capwap data packets with TTL 9 Conditions: 3850 re-writes mobility capwap data packets with TTL 9. As a result any capwap data packets(DHCP/ARP etc) sent via mobility tunnel will have a TTL set to 9 which means these packets will not be able to make more than 9 hops. In an environment where 3850 wlan is anchored to another WLC/Switch >9 hops away, clients will not be able to get DHCP IP. Hardware affected: 3850/3650 Software versions impacted: 3.3.x, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1 5760 is not impacted by this issue Workaround: Shorten the path between the foreign and anchor or upgrade to fixed image. Further Problem Description: None. Status: Fixed Severity: 2 Severe Last Modified: 22-JUN-2015 Known Affected Releases: 15.2(3)E Known Fixed Releases: Bug Id: CSCuu70556 Title: stack manager crash @ dplr_pd_update_ring_status_chg Description: Symptom: 3850 switch running 3.7.1.E might experience a stack manager crash. Conditions: unknown yet Workaround: unknown yet Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 22-JUN-2015 Known Affected Releases: 15.2(3.7.1E) Known Fixed Releases: Bug Id: CSCuu41817 Title: 3850 cts assigning multicast traffic to sgt default (65535) Description: Symptom: Enforcement being applied to multicast traffic Conditions: Multicast traffic with igmp join Workaround: none Further Problem Description: NA Status: Fixed Severity: 2 Severe Last Modified: 23-JUN-2015 Known Affected Releases: 3.7(0) Known Fixed Releases: 15.2(4.0.15)E Bug Id: CSCuo14511 Title: fed and stack-mgr causing High CPU on 3850 Description: Symptom: 'stack-mgr' process shows high (>75%) CPU utilization. No packet forwarding impact observed in the switch Conditions: Observed conditions that were true for this to occur are: Frequent mac flapping Aggressive mac-aging timer configuration - less than or equal to 15 seconds Topology Change Notification due to frequent Spanning-Tree changes or spanning-tree misconfiguration in the network Workaround: Eliminate or fix the configuration errors/events triggering the conditions mentioned above. Further Problem Description: Status: Terminated Severity: 2 Severe Last Modified: 23-JUN-2015 Known Affected Releases: 15.0(1)EZ Known Fixed Releases: Bug Id: CSCus03250 Title: Stale IPDT entries denying connectivity to new clients Description: Symptom: Stale IPDT entries denying connectivity to new clients. We may see logs like this: ... Dec 4 12:25:15.856 CET: %WCDB-3-WCDB_IP_CONFLICT: The host 60d8.195a.2e9d source-DHCP on Interface Capwap14 is using the IP 10.194.74.148 of the host 9c20.7b0b.1234 source-DHCP on Interface Capwap65. ... 5760#show access-session mac 9c20.7b0b.1234 det No sessions match supplied criteria. 5760# 5760#show wcdb database 9c20.7b0b.1234 WCDB entry not found for 9c20.7b0b.1234 5760# 5760# show ip device tracking ip 10.194.74.148 Global IP Device Tracking for clients = Enabled Global IP Device Tracking Probe Count = 3 Global IP Device Tracking Probe Interval = 30 Global IP Device Tracking Probe Delay Interval = 0 ----------------------------------------------------------------------------------------------- IP Address MAC Address Vlan Interface Probe-Timeout State Source ----------------------------------------------------------------------------------------------- 10.194.74.148 9c20.7b0b.1234 779 Capwap65 30 ACTIVE DHCP ... Conditions: Wireless setup with external DHCP server. IPDT enabled. Workaround: Clear stale entry in IPDT table, but this tedious and kind of post issue. In order to prevent / or minimize the risk of the same problem occurrence in the future we have enabled suppression on the uplink ports: (config-if)#nmsp attachment suppress (config-if)#ip device tracking max 0 Further Problem Description: Status: Terminated Severity: 2 Severe Last Modified: 23-JUN-2015 Known Affected Releases: 10.2(111.0) Known Fixed Releases: Bug Id: CSCuo84770 Title: 3850/3.3.2SE/Not forwarding double dot1Q tagged packets Description: Symptom: 3850 not forwarding double dot1Q tagged ARP broadcast packets Conditions: A packet with two (or more) dot1Q tags ingressing into the switch Workaround: Disable IP device tracking. In interface mode, configure "ip device tracking maximum 0" cli. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 23-JUN-2015 Known Affected Releases: 15.0(1)EZ2 Known Fixed Releases: 15.0(1)EZ4, 15.0(1.77)ZSR, 15.0(14.1)TSR, 15.0(14.12)EZD, 15.0(14.57)EZD, 15.0(2.29)ZSR, 15.2(2)E1, 15.2(2.23)PSR, 15.2(2.39)PSR, 15.2(2b)E Bug Id: CSCul79858 Title: SNMP polling 3-4 days causes a switch crash Description: Symptom: When switch running 3.3.0/1 is being SNMP polled periodically, the memory leak might be observed. Once ran out of memory switch may crash Conditions: periodic SNMP polling. specific MIB OIDs which cause leakage are being investigated. Workaround: avoid periodic SNMP polling of the switch Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 15.0(1)EZ Known Fixed Releases: 15.0(1)EZ2, 15.0(10.37)PKD, 15.0(10.37)PKP, 15.0(12.69)EZD, 15.0(14.1)TSR, 15.0(14.49)EZD, 15.0(2.29)ZSR, 15.2(1.1)PSR, 3.3(2)SE Bug Id: CSCuu98366 Title: The 3rd party vendor IP Camera is not getting power from Catalyst 3850 Description: Symptom: - The IP Camera is not working at all - We are constantly receiving following errors: 000423: *Apr 24 23:18:59.456 UTC: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi2/0/1: Power Controller reports power Imax error detected Conditions: - The IP Camera is working fine under Catalyst 3560 Workaround: None Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 3.6(2)E Known Fixed Releases: Bug Id: CSCur26195 Title: Cannot clear authorization session on IOS-XE switch stack Description: Symptom: Dot1x configured on a 3850 switch stack running 03.06.00E authenticating against the ISE. After the device is disconnected from the switchport, we see that the authentication session is still stuck. Doing an clear authentication session on the interface does not help and no device can authenticate against the interface. DEN3850S-2B#sh auth sessions int gi2/0/32 detail Interface: GigabitEthernet2/0/32 IIF-ID: 0x102CB4000000F4B MAC Address: b8ca.3ad8.5d39 IPv6 Address: Unknown IPv4 Address: 192.168.2.27 (old IP address from previous swtichport access VLAN) User-Name: CA-50-0853.corp.collectamerica.com Status: Unauthorized Domain: DATA Oper host mode: multi-auth Oper control dir: both Session timeout: N/A Common Session ID: AC17049400001ED3F99F40BC Acct Session ID: Unknown Handle: 0x63000D1C Current Policy: POLICY_Gi2/0/32 Blocked On: User Profile Application - apply user profile (1) Server Policies: ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-51ef7db1 Method status list: Method State dot1x Authc Success Dot1x configuration has been removed from the port but we still see this stuck session. Conditions: 48 port 3850 switch stack running 03.06.00E configured for dot1x.This has also been seeing on a 4500 stack running the same version. Workaround: NA Further Problem Description: Status: Other Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 3.6(0) Known Fixed Releases: Bug Id: CSCuu97048 Title: Traffic is dropped due to static mac entry on foreign interface Description: Symptom: Traffic sourced from particular MAC address is getting dropped when this MAC address is statically added for another physical interface in the same broadcast domain. Conditions: There is static MAC address entry which is pointing for particular interface. Traffic sourced from this MAC address is silently dropped on other interfaces. Workaround: Remove static MAC address entry Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 15.2(3)E Known Fixed Releases: Bug Id: CSCuu31131 Title: Memory leak under *MallocLite* / tdl code for ipv4 and l3m Description: Symptom: Memory leak is seen in *MallocLite* process. if MallocLite is disabled, we see the increase in memory under the TDL code for l3m and ipv4. Further investigation is going on to identify the source code involved in triggering the leak. Conditions: Not known Workaround: Not known Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 25-JUN-2015 Known Affected Releases: 3.6(2)E Known Fixed Releases: 15.2(4.0.8)E Bug Id: CSCup49704 Title: 3850 FED Crash - Waiting for SPI channels FED_SPI_FLCD,FED_SPI_FAST ... Description: Symptom: When abruptly reloading (eg: manual power cycle) or adding/removing a switch member from a 3850 stack, other switches in the stack may begin crashing on the FED (forwarding engine driver) due to a timeout on the SPI, which is the internal message-passing system that lets services communicate with one another. The following logs may be seen for the stack members that enter a crash loop: FED-3-INIT_FAILED MEMBER: X fed: Module SPI Channel failed initialization Waiting for SPI channels FED_SPI_FLCD,FED_SPI_FAST_CONV, IOSXE-3-PLATFORM MEMBER: X process sysmgr: Service [fed] pid:[XXXX] terminated abnormally [6]. The bug is for 3850 and 3650 as its a timing issue and not related to any particular HW. Conditions: A stack member must be either be reloaded abruptly (eg: manual power cycle) or added/removed from the stack. Workaround: Reload the entire stack to resolve a sync issue. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 26-JUN-2015 Known Affected Releases: 15.0(1)EZ, 15.2(2)E Known Fixed Releases: 15.2(2)E1, 15.2(3)E, 3.6(1)E, 3.7(0)E Bug Id: CSCus13331 Title: iosd crash in_be_http_epm_process_clean_up Description: Symptom: 5760 will randomly crash. Was on call with cu when this happended and it was when we were trying to config fqdn acl on the wlc. Conditions: trying in config fqdn acl with CWA with ClearPass Radius. Once a client connected to this wlan the wlc crashed. We adjusted the acl's in the redirect acl and tried again but as soon as a client connected the wlc crashed a second time. Workaround: none Further Problem Description: Status: Fixed Severity: 1 Catastrophic Last Modified: 27-JUN-2015 Known Affected Releases: 3.6(0) Known Fixed Releases: 15.2(4.10.54)PI5 Bug Id: CSCuu35972 Title: MCAST streams stop with more then one outgoing interfaces in the RIL Description: Symptom: With more then one outgoing interfaces, multicast streams do not getting forwarded to any OIL interfaces. The switch forwards multicast stream just fine as long as there is only a single interface in the OIL list. Conditions: The issue is seen if there are 2 or more outgoing interfaces. Workaround: Not known Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 27-JUN-2015 Known Affected Releases: 3.6(2)E, n/a Known Fixed Releases: Bug Id: CSCup86496 Title: unicast ARP replies not destined to 3850 are forwarded to ARP module Description: Cu migrated 3750 switches to 3850 switches. and they use NAC for security. The problem occurred with 3850 due to abnormal ARP table update. Symptom:In 3850, we see that even the unicast ARP replies which are not destined to this box being forwarded to ARP module which will then learn and update the Src MAC for Src IP address which is creating an issue Conditions:when the 3850 gets ARP replies which are not destined to this box Workaround:None. More Info: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 15.4(2.12)CG26 Known Fixed Releases: 15.0(1)EZ5, 15.0(14.57)EZD, 15.0(2.29)ZSR, 15.2(2)E1, 15.2(3)E, 3.3(5)SE, 3.6(1)E, 3.7(0)E Bug Id: CSCuj51372 Title: MacLearning not occuring for a group of 24 ports on 3850 Description: Symptom: In some rare circumstances, it has been seen Mac Learning is not occurring for either ports 1-24 or ports 25-48 on one member switch of a stacked 3850. Traffic will flow through the ports. L2 traffic flooding will work. Conditions: Issue is seen with IOS-XE 3.2.2, 3.2.3 and 3.3.0 shut/no shut of the affected ports will not enable learning. Workaround: Reload the affected switch. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: n/a Known Fixed Releases: 15.0(1)EZ1, 15.0(12.41)EZD, 15.0(14.49)EZD, 15.2(2)E, 3.3(1)SE, 3.6(0)E Bug Id: CSCuu87436 Title: 3850 / 3.7.1E / "switchport block multicast" blocks multicast ip traffic Description: Symptom: + Multicast ip traffic blocked + Eg: MDNS traffic Conditions: + Requires the command "switchport block multicast" configured on the egress interfaces. Workaround: + Remove "switchport block multicast" Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 3.6(0)E Known Fixed Releases: Bug Id: CSCut26365 Title: Packet drop on 3850 by an unrelated ACL entry Description: Symptom: TCP ack packet is discarded by unrelated ACE on 3850. Conditions: "establish" option is used. Workaround: The problem happened with tcp flags which have multiple bit set. If customer cofig as separate bit, then there is no issue. The ace: deny tcp any any eq ftp established Configured as two aces (because the tcp flag establish means "ack or rst" deny tcp any any eq ftp ack deny tcp any any eq ftp rst Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 3.7(0)E Known Fixed Releases: Bug Id: CSCum20883 Title: Switch crash after modifying WCCP ACL used for redirection Description: Symptom: Switch crashes after WCCP configuration change. Conditions: Thus far, this has only been seen when the ACL used for redirection was modified. Workaround: None. Further Problem Description: Status: Other Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 15.0(1)EZ Known Fixed Releases: Bug Id: CSCut22611 Title: 3850 - 1 GiG 1000BaseLX negotiates to "HALF DUPLEX" after reload Description: Symptom: 1 Gig port (1000BaseLX) sometime starts operating at HALF DUPLEX mode after a reload. Shut/no shut or plugging/unplugging the SFP does not fix the issue. Only way to fix it, is remove the SFP, hardcode the duplex to full and insert SFP back. Conditions: WS-C3850-24U running 3.3.5 Both ports need to be connected to C3850-NM-4-1G. GBIC used- GLC-LH-SMD for 1000BaseLX Workaround: Not Available yet. UDLD should be kicked in to stop any possible layer 2 loop due to this unidirectional situation but this is anyway not a valid workaround to stop the SFP port operating at HALF DUPLEX. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 15.0(1)EZ5 Known Fixed Releases: 15.2(3)E1, 3.7(1)E Bug Id: CSCut50625 Title: switch crash with dot1x traceback Description: Symptom: first seen on 3560/3850 switch crashes with dot1x traceback ( please contact TAC to analyse crashinfo file ) Conditions: aaa configuration Workaround: unknown Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 15.2(2.1), 15.3(1.8.44) Known Fixed Releases: 15.2(4.0.26)E Find additional information in Bug Search index.   2013 Cisco and/or its affiliates. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks